Universal American shows how to put risk in its place
Posted by Courion Corporation on Mon, Nov 07, 2011
There are countless moving parts in information protection because information itself is the ultimate moving part in business today. Direct data exchange with vendors, customers and partners is mandatory for lowering costs and improving efficiency. Critical data is everywhere. It’s replicated in multiple databases, in file systems, on individual hard drives, even smart phones. Staff, customers, partners and vendors can get to it through applications, Web portals, public folders and e-mail attachments.
Keeping a handle on access risks means carefully monitoring all of the paths to critical data, and, specifically, who’s walking on them. Our customer, Universal American Corp., is an example of how to do it right – managing access risk to run the business better, rather than being paralyzed by it.
The way they are doing this is to complement Courion’s traditional Identity and Access Management (IAM) functionality (user provisioning and access certification), with our integration with Symantec’s Data Loss Prevention (DLP) product. Together, we enable UAM to better manage access to sensitive SOX- and HIPAA-related information and identify potential access violations to data in file shares. This product integration adds an identity context to DLP data, allowing business managers to not only identify where sensitive data resides, but also to determine: 1) which users have access to what sensitive data; 2) identify how they obtained that access; and then 3) certify appropriate user access and immediately remediate access that does not align with corporate, federal and industry policies.
UAM has also prioritized the need to automate quarterly attestation processes for SOX-relevant target systems. With an automated solution in place, UAM easily and efficiently performs user attestation by access level for SOX applications. Business managers can also eliminate the risk of “orphan” accounts, or active accounts that exist for employees and contractors who no longer work for the company. As a result, UAM is better able to demonstrate to auditors that terminated employees and contractors have been de-provisioned from their primary accounts and that any stale accounts to other systems are inaccessible.
These are just some examples of how information needs to move freely to support the pace of business these days, especially in an open, connected world where mobile devices are becoming ever more prevalent. With the integration of IAM and DLP solutions, UAM is showing that being “open” does not mean the same thing as being out of control.